From mboxrd@z Thu Jan  1 00:00:00 1970
From: Mark McLoughlin <markmc@redhat.com>
Subject: Re: iptables filtering when bridging
Date: Thu, 10 May 2007 08:38:52 +0100
Message-ID: <1178782732.3587.4.camel@blaa>
References: <60cf56040705090704g3c2775dct4718a6e94a428c21@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xensource.com>
In-Reply-To: <60cf56040705090704g3c2775dct4718a6e94a428c21@mail.gmail.com>
List-Unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: David <big.raiders.fan@gmail.com>
Cc: xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

Hi,

On Wed, 2007-05-09 at 10:04 -0400, David wrote:

>   Based on http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png,
> the packet appears to be going the right way, but I can't make it go
> any further.
> 
> Is it possible to have the packets go through the iptables Filter
> tables in Dom0? 

	Yep, packets should be going through iptables as they traverse the
bridge in Dom0 (as the diagram shows), unless it's explicitly disabled.
What does:

  $> sysctl net.bridge.bridge-nf-call-iptables

	show? (It should be "1")

Cheers,
Mark.